Skip to main content
dmccosh80
dmccosh80
New Member
April 5, 2016
Question

Fortigate Load Balancing (HTTP Cookie)

  • April 5, 2016
  • 1 reply
  • 10594 views

Hi All

 

I'm running 2 * FortiGate 300D (A-A), FW 5.2.2

We are experiencing problems with load balancing a particular Java Application.

We have a virtual server, containing 3 physical servers.

HTTP persistence via HTTP Cookie, load balance method https (Round Robin)

 

We are experiencing intermittent session problems; whereby page elements appear blank or entire blank pages. A page refresh is the only way to continue the session.

Confusingly, when we stop 2 physical servers and run with just one single physical server the problems still persist. (I had initially thought that persistence wasn't working correctly and some http requests were making their way to other physical servers)

When we remove the Virtual Server and just create a straightforward Firewall VIP we have no problems.

 

I realise that this description isn't much to go on, but if anyone has any help or ideas it would be greatly appreciated :)

 

Regards

David

1 reply

emnoc
emnoc
New Member
April 6, 2016

How does your cli vip cfg looks like and have you double checked

 

          set http-ip-header enable                  set persistence http-cookie    Have you ran any wireshark and validate the cookie  between the FGT and client?  
dmccosh80
dmccosh80Author
New Member
April 7, 2016

Hi emnoc

 

Thank you for your reply 

 

My config in the cli is as follows (I have not made any changes via the cli directly - all as a result from setting up via GUI)

edit "LB_XXXX" set uuid 1894d1be-fbc6-51e5-3cf0-f805f222744d set comment "Test" set type server-load-balance set extip xxx.xxx.xxx.xxx set extintf "port2" set server-type https set monitor "TEST" set ldb-method round-robin set persistence http-cookie set extport 443 config realservers edit 1 set ip 172.xxx.xxx.50 set port 443 next edit 2 set ip 172.xxx.xxx.51 set port 443 next edit 3 set ip 172.xxx.xxx.52 set port 443 next end set ssl-mode full set ssl-certificate "XXXX_CERT" next end

 

I will try your suggestion of performing a Wireshark sniff

 

Thanks Again

Regards

David

marcostauber
marcostauber
New Member
June 13, 2018

I have a similar problem. Error creating persistence.

 

set persistence http-cookie command parse error before 'persistence' Command fail. Return code -61

Terms & ConditionsAccessibility statement